<?php
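// Account page handler: lets the logged-in admin change their username and
// password. Validation failures and the success message are stored in
// $_SESSION['status-account'], then the browser is redirected back to the
// account page. Visitors without an admin session are sent to the login page.
//
// NOTE(review): no anti-CSRF token is checked before the credential change.
// The old-password requirement limits the impact, but a per-session token
// verified here would be the usual control. The form is not visible in this file.
if (isset($_SESSION['admin-login'])) {
	if (isset($_POST['submit'])) {
		// Read every field defensively: a missing field or an array value
		// (e.g. "ubaru[]=x") becomes an empty string instead of raising a
		// notice or a TypeError in strlen()/preg_match() further down.
		$ubaru = (isset($_POST['ubaru']) && is_string($_POST['ubaru'])) ? $_POST['ubaru'] : '';
		$plama = (isset($_POST['plama']) && is_string($_POST['plama'])) ? $_POST['plama'] : '';
		$pbaru = (isset($_POST['pbaru']) && is_string($_POST['pbaru'])) ? $_POST['pbaru'] : '';
		$cbaru = (isset($_POST['cbaru']) && is_string($_POST['cbaru'])) ? $_POST['cbaru'] : '';

		if ($ubaru === '' || $plama === '' || $pbaru === '') {
			$_SESSION['status-account'] = 'Semua input harus diisi';
		} elseif (strlen($ubaru) > 10 || strlen($pbaru) > 10) {
			// The message used to say 8 while the check enforces 10; the text now
			// matches the enforced limit.
			// NOTE(review): a 10-character alphanumeric cap is a weak password
			// policy; confirm whether the limit comes from the column width.
			$_SESSION['status-account'] = 'Username dan Password maksimal 10 karakter';
		} elseif (!preg_match('/^[A-Za-z0-9]+\z/', $ubaru) || !preg_match('/^[A-Za-z0-9]+\z/', $pbaru)) {
			// \z instead of $: "$" also matches before a trailing newline, which
			// would let "name\n" through the alphanumeric check.
			$_SESSION['status-account'] = 'Username dan Password hanya boleh huruf dan angka';
		} elseif ($pbaru !== $cbaru) {
			// Strict comparison: with "!=" two numeric-looking strings such as
			// "1e1" and "10" compare equal, so a mistyped confirmation could pass.
			$_SESSION['status-account'] = 'Password dan Konfirmasi password harus sama';
		} else {
			$ulama = $_SESSION['admin-login'];
			// amankan() is defined elsewhere; presumably it escapes the value for
			// SQL. TODO confirm.
			$ubaru = amankan($ubaru);
			// NOTE(review): unsalted MD5 is not a password hash. Moving to
			// password_hash()/password_verify() has to happen together with the
			// login code that checks this column, which is not visible here.
			$plama = md5($plama);
			$pbaru = md5($pbaru);
			// NOTE(review): $ulama is interpolated straight from the session. That
			// is only safe while every writer of 'admin-login' stores a validated
			// value; a prepared statement would remove the dependency if the db
			// layer offers one.
			$user = db_result("SELECT * FROM user WHERE username = '$ulama' AND password = '$plama'");
			if (!$user) {
				$_SESSION['status-account'] = 'Password lama salah';
			} else {
				// The row fetched above is reused instead of running the same SELECT
				// twice; the id is cast so only an integer reaches the statement.
				// NOTE(review): the result of db_query() is not checked and the new
				// username is not tested for uniqueness; confirm how failures surface.
				db_query("UPDATE user SET username = '$ubaru', password = '$pbaru' WHERE id = ".(int) $user['id']);
				// Issue a fresh session id after a credential change so an id
				// captured before the change stops being valid.
				if (session_status() === PHP_SESSION_ACTIVE) {
					session_regenerate_id(true);
				}
				$_SESSION['admin-login'] = $ubaru;
				$_SESSION['status-account'] = 'Username dan Password sudah diganti';
			}
		}
		header('Location: '.site()."/".$param[0]."/account");
		// Stop here: header() alone does not end the request.
		exit;
	}
} else {
	$_SESSION['status-login'] = "Log in terlebih dahulu untuk melanjutkan";
	header("Location: ".site()."/".$param[0]."/login");
	// Without exit, any code after this include would still run for a visitor
	// who is not logged in.
	exit;
}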
?>